Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

scalar: Remove unused secp256k1_scalar_chacha20 #245

Merged
merged 2 commits into from
Jul 21, 2023
Merged

scalar: Remove unused secp256k1_scalar_chacha20 #245

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3970a72
rangeproof: Use util functions for writing big endian
real-or-random Jul 21, 2023
860360e
scalar: Remove unused secp256k1_scalar_chacha20
real-or-random Jul 19, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 6 additions & 12 deletions src/modules/rangeproof/borromean_impl.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,24 +20,18 @@
#include <limits.h>
#include <string.h>

#if defined(SECP256K1_BIG_ENDIAN)
#define BE32(x) (x)
#elif defined(SECP256K1_LITTLE_ENDIAN)
#define BE32(p) ((((p) & 0xFF) << 24) | (((p) & 0xFF00) << 8) | (((p) & 0xFF0000) >> 8) | (((p) & 0xFF000000) >> 24))
#endif

SECP256K1_INLINE static void secp256k1_borromean_hash(unsigned char *hash, const unsigned char *m, size_t mlen, const unsigned char *e, size_t elen,
size_t ridx, size_t eidx) {
uint32_t ring;
uint32_t epos;
unsigned char ring[4];
unsigned char epos[4];
secp256k1_sha256 sha256_en;
secp256k1_sha256_initialize(&sha256_en);
ring = BE32((uint32_t)ridx);
epos = BE32((uint32_t)eidx);
secp256k1_write_be32(ring, (uint32_t)ridx);
secp256k1_write_be32(epos, (uint32_t)eidx);
secp256k1_sha256_write(&sha256_en, e, elen);
secp256k1_sha256_write(&sha256_en, m, mlen);
secp256k1_sha256_write(&sha256_en, (unsigned char*)&ring, 4);
secp256k1_sha256_write(&sha256_en, (unsigned char*)&epos, 4);
secp256k1_sha256_write(&sha256_en, ring, 4);
secp256k1_sha256_write(&sha256_en, epos, 4);
secp256k1_sha256_finalize(&sha256_en, hash);
}

Expand Down
3 changes: 0 additions & 3 deletions src/scalar.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,4 @@ static void secp256k1_scalar_mul_shift_var(secp256k1_scalar *r, const secp256k1_
/** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. Both *r and *a must be initialized.*/
static void secp256k1_scalar_cmov(secp256k1_scalar *r, const secp256k1_scalar *a, int flag);

/** Generate two scalars from a 32-byte seed and an integer using the chacha20 stream cipher */
static void secp256k1_scalar_chacha20(secp256k1_scalar *r1, secp256k1_scalar *r2, const unsigned char *seed, uint64_t idx);

#endif /* SECP256K1_SCALAR_H */
87 changes: 0 additions & 87 deletions src/scalar_4x64_impl.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -970,93 +970,6 @@ static SECP256K1_INLINE void secp256k1_scalar_cmov(secp256k1_scalar *r, const se
r->d[3] = (r->d[3] & mask0) | (a->d[3] & mask1);
}

#define ROTL32(x,n) ((x) << (n) | (x) >> (32-(n)))
#define QUARTERROUND(a,b,c,d) \
a += b; d = ROTL32(d ^ a, 16); \
c += d; b = ROTL32(b ^ c, 12); \
a += b; d = ROTL32(d ^ a, 8); \
c += d; b = ROTL32(b ^ c, 7);

#if defined(SECP256K1_BIG_ENDIAN)
#define LE32(p) ((((p) & 0xFF) << 24) | (((p) & 0xFF00) << 8) | (((p) & 0xFF0000) >> 8) | (((p) & 0xFF000000) >> 24))
#elif defined(SECP256K1_LITTLE_ENDIAN)
#define LE32(p) (p)
#endif

static void secp256k1_scalar_chacha20(secp256k1_scalar *r1, secp256k1_scalar *r2, const unsigned char *seed, uint64_t idx) {
size_t n;
size_t over_count = 0;
uint32_t seed32[8];
uint32_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
int over1, over2;

memcpy((void *) seed32, (const void *) seed, 32);
do {
x0 = 0x61707865;
x1 = 0x3320646e;
x2 = 0x79622d32;
x3 = 0x6b206574;
x4 = LE32(seed32[0]);
x5 = LE32(seed32[1]);
x6 = LE32(seed32[2]);
x7 = LE32(seed32[3]);
x8 = LE32(seed32[4]);
x9 = LE32(seed32[5]);
x10 = LE32(seed32[6]);
x11 = LE32(seed32[7]);
x12 = idx;
x13 = idx >> 32;
x14 = 0;
x15 = over_count;

n = 10;
while (n--) {
QUARTERROUND(x0, x4, x8,x12)
QUARTERROUND(x1, x5, x9,x13)
QUARTERROUND(x2, x6,x10,x14)
QUARTERROUND(x3, x7,x11,x15)
QUARTERROUND(x0, x5,x10,x15)
QUARTERROUND(x1, x6,x11,x12)
QUARTERROUND(x2, x7, x8,x13)
QUARTERROUND(x3, x4, x9,x14)
}

x0 += 0x61707865;
x1 += 0x3320646e;
x2 += 0x79622d32;
x3 += 0x6b206574;
x4 += LE32(seed32[0]);
x5 += LE32(seed32[1]);
x6 += LE32(seed32[2]);
x7 += LE32(seed32[3]);
x8 += LE32(seed32[4]);
x9 += LE32(seed32[5]);
x10 += LE32(seed32[6]);
x11 += LE32(seed32[7]);
x12 += idx;
x13 += idx >> 32;
x14 += 0;
x15 += over_count;

r1->d[3] = (((uint64_t) x0) << 32) | x1;
r1->d[2] = (((uint64_t) x2) << 32) | x3;
r1->d[1] = (((uint64_t) x4) << 32) | x5;
r1->d[0] = (((uint64_t) x6) << 32) | x7;
r2->d[3] = (((uint64_t) x8) << 32) | x9;
r2->d[2] = (((uint64_t) x10) << 32) | x11;
r2->d[1] = (((uint64_t) x12) << 32) | x13;
r2->d[0] = (((uint64_t) x14) << 32) | x15;

over1 = secp256k1_scalar_check_overflow(r1);
over2 = secp256k1_scalar_check_overflow(r2);
over_count++;
} while (over1 | over2);
}

#undef ROTL32
#undef QUARTERROUND
#undef LE32

static void secp256k1_scalar_from_signed62(secp256k1_scalar *r, const secp256k1_modinv64_signed62 *a) {
const uint64_t a0 = a->v[0], a1 = a->v[1], a2 = a->v[2], a3 = a->v[3], a4 = a->v[4];

Expand Down
95 changes: 0 additions & 95 deletions src/scalar_8x32_impl.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -749,101 +749,6 @@ static SECP256K1_INLINE void secp256k1_scalar_cmov(secp256k1_scalar *r, const se
r->d[7] = (r->d[7] & mask0) | (a->d[7] & mask1);
}

#define ROTL32(x,n) ((x) << (n) | (x) >> (32-(n)))
#define QUARTERROUND(a,b,c,d) \
a += b; d = ROTL32(d ^ a, 16); \
c += d; b = ROTL32(b ^ c, 12); \
a += b; d = ROTL32(d ^ a, 8); \
c += d; b = ROTL32(b ^ c, 7);

#if defined(SECP256K1_BIG_ENDIAN)
#define LE32(p) ((((p) & 0xFF) << 24) | (((p) & 0xFF00) << 8) | (((p) & 0xFF0000) >> 8) | (((p) & 0xFF000000) >> 24))
#elif defined(SECP256K1_LITTLE_ENDIAN)
#define LE32(p) (p)
#endif

static void secp256k1_scalar_chacha20(secp256k1_scalar *r1, secp256k1_scalar *r2, const unsigned char *seed, uint64_t idx) {
size_t n;
size_t over_count = 0;
uint32_t seed32[8];
uint32_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
int over1, over2;

memcpy((void *) seed32, (const void *) seed, 32);
do {
x0 = 0x61707865;
x1 = 0x3320646e;
x2 = 0x79622d32;
x3 = 0x6b206574;
x4 = LE32(seed32[0]);
x5 = LE32(seed32[1]);
x6 = LE32(seed32[2]);
x7 = LE32(seed32[3]);
x8 = LE32(seed32[4]);
x9 = LE32(seed32[5]);
x10 = LE32(seed32[6]);
x11 = LE32(seed32[7]);
x12 = idx;
x13 = idx >> 32;
x14 = 0;
x15 = over_count;

n = 10;
while (n--) {
QUARTERROUND(x0, x4, x8,x12)
QUARTERROUND(x1, x5, x9,x13)
QUARTERROUND(x2, x6,x10,x14)
QUARTERROUND(x3, x7,x11,x15)
QUARTERROUND(x0, x5,x10,x15)
QUARTERROUND(x1, x6,x11,x12)
QUARTERROUND(x2, x7, x8,x13)
QUARTERROUND(x3, x4, x9,x14)
}

x0 += 0x61707865;
x1 += 0x3320646e;
x2 += 0x79622d32;
x3 += 0x6b206574;
x4 += LE32(seed32[0]);
x5 += LE32(seed32[1]);
x6 += LE32(seed32[2]);
x7 += LE32(seed32[3]);
x8 += LE32(seed32[4]);
x9 += LE32(seed32[5]);
x10 += LE32(seed32[6]);
x11 += LE32(seed32[7]);
x12 += idx;
x13 += idx >> 32;
x14 += 0;
x15 += over_count;

r1->d[7] = x0;
r1->d[6] = x1;
r1->d[5] = x2;
r1->d[4] = x3;
r1->d[3] = x4;
r1->d[2] = x5;
r1->d[1] = x6;
r1->d[0] = x7;
r2->d[7] = x8;
r2->d[6] = x9;
r2->d[5] = x10;
r2->d[4] = x11;
r2->d[3] = x12;
r2->d[2] = x13;
r2->d[1] = x14;
r2->d[0] = x15;

over1 = secp256k1_scalar_check_overflow(r1);
over2 = secp256k1_scalar_check_overflow(r2);
over_count++;
} while (over1 | over2);
}

#undef ROTL32
#undef QUARTERROUND
#undef LE32

static void secp256k1_scalar_from_signed30(secp256k1_scalar *r, const secp256k1_modinv32_signed30 *a) {
const uint32_t a0 = a->v[0], a1 = a->v[1], a2 = a->v[2], a3 = a->v[3], a4 = a->v[4],
a5 = a->v[5], a6 = a->v[6], a7 = a->v[7], a8 = a->v[8];
Expand Down
5 changes: 0 additions & 5 deletions src/scalar_low_impl.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -127,11 +127,6 @@ static SECP256K1_INLINE void secp256k1_scalar_cmov(secp256k1_scalar *r, const se
*r = (*r & mask0) | (*a & mask1);
}

SECP256K1_INLINE static void secp256k1_scalar_chacha20(secp256k1_scalar *r1, secp256k1_scalar *r2, const unsigned char *seed, uint64_t n) {
*r1 = (seed[0] + n) % EXHAUSTIVE_TEST_ORDER;
*r2 = (seed[1] + n) % EXHAUSTIVE_TEST_ORDER;
}

static void secp256k1_scalar_inverse(secp256k1_scalar *r, const secp256k1_scalar *x) {
int i;
*r = 0;
Expand Down
110 changes: 0 additions & 110 deletions src/tests.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1949,114 +1949,6 @@ void run_scalar_set_b32_seckey_tests(void) {
CHECK(secp256k1_scalar_set_b32_seckey(&s2, b32) == 0);
}

void scalar_chacha_tests(void) {
/* Test vectors 1 to 4 from https://tools.ietf.org/html/rfc8439#appendix-A
* Note that scalar_set_b32 and scalar_get_b32 represent integers
* underlying the scalar in big-endian format. */
unsigned char expected1[64] = {
0xad, 0xe0, 0xb8, 0x76, 0x90, 0x3d, 0xf1, 0xa0,
0xe5, 0x6a, 0x5d, 0x40, 0x28, 0xbd, 0x86, 0x53,
0xb8, 0x19, 0xd2, 0xbd, 0x1a, 0xed, 0x8d, 0xa0,
0xcc, 0xef, 0x36, 0xa8, 0xc7, 0x0d, 0x77, 0x8b,
0x7c, 0x59, 0x41, 0xda, 0x8d, 0x48, 0x57, 0x51,
0x3f, 0xe0, 0x24, 0x77, 0x37, 0x4a, 0xd8, 0xb8,
0xf4, 0xb8, 0x43, 0x6a, 0x1c, 0xa1, 0x18, 0x15,
0x69, 0xb6, 0x87, 0xc3, 0x86, 0x65, 0xee, 0xb2
};
unsigned char expected2[64] = {
0xbe, 0xe7, 0x07, 0x9f, 0x7a, 0x38, 0x51, 0x55,
0x7c, 0x97, 0xba, 0x98, 0x0d, 0x08, 0x2d, 0x73,
0xa0, 0x29, 0x0f, 0xcb, 0x69, 0x65, 0xe3, 0x48,
0x3e, 0x53, 0xc6, 0x12, 0xed, 0x7a, 0xee, 0x32,
0x76, 0x21, 0xb7, 0x29, 0x43, 0x4e, 0xe6, 0x9c,
0xb0, 0x33, 0x71, 0xd5, 0xd5, 0x39, 0xd8, 0x74,
0x28, 0x1f, 0xed, 0x31, 0x45, 0xfb, 0x0a, 0x51,
0x1f, 0x0a, 0xe1, 0xac, 0x6f, 0x4d, 0x79, 0x4b
};
unsigned char seed3[32] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
};
unsigned char expected3[64] = {
0x24, 0x52, 0xeb, 0x3a, 0x92, 0x49, 0xf8, 0xec,
0x8d, 0x82, 0x9d, 0x9b, 0xdd, 0xd4, 0xce, 0xb1,
0xe8, 0x25, 0x20, 0x83, 0x60, 0x81, 0x8b, 0x01,
0xf3, 0x84, 0x22, 0xb8, 0x5a, 0xaa, 0x49, 0xc9,
0xbb, 0x00, 0xca, 0x8e, 0xda, 0x3b, 0xa7, 0xb4,
0xc4, 0xb5, 0x92, 0xd1, 0xfd, 0xf2, 0x73, 0x2f,
0x44, 0x36, 0x27, 0x4e, 0x25, 0x61, 0xb3, 0xc8,
0xeb, 0xdd, 0x4a, 0xa6, 0xa0, 0x13, 0x6c, 0x00
};
unsigned char seed4[32] = {
0x00, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
unsigned char expected4[64] = {
0xfb, 0x4d, 0xd5, 0x72, 0x4b, 0xc4, 0x2e, 0xf1,
0xdf, 0x92, 0x26, 0x36, 0x32, 0x7f, 0x13, 0x94,
0xa7, 0x8d, 0xea, 0x8f, 0x5e, 0x26, 0x90, 0x39,
0xa1, 0xbe, 0xbb, 0xc1, 0xca, 0xf0, 0x9a, 0xae,
0xa2, 0x5a, 0xb2, 0x13, 0x48, 0xa6, 0xb4, 0x6c,
0x1b, 0x9d, 0x9b, 0xcb, 0x09, 0x2c, 0x5b, 0xe6,
0x54, 0x6c, 0xa6, 0x24, 0x1b, 0xec, 0x45, 0xd5,
0x87, 0xf4, 0x74, 0x73, 0x96, 0xf0, 0x99, 0x2e
};
unsigned char seed5[32] = {
0x32, 0x56, 0x56, 0xf4, 0x29, 0x02, 0xc2, 0xf8,
0xa3, 0x4b, 0x96, 0xf5, 0xa7, 0xf7, 0xe3, 0x6c,
0x92, 0xad, 0xa5, 0x18, 0x1c, 0xe3, 0x41, 0xae,
0xc3, 0xf3, 0x18, 0xd0, 0xfa, 0x5b, 0x72, 0x53
};
unsigned char expected5[64] = {
0xe7, 0x56, 0xd3, 0x28, 0xe9, 0xc6, 0x19, 0x5c,
0x6f, 0x17, 0x8e, 0x21, 0x8c, 0x1e, 0x72, 0x11,
0xe7, 0xbd, 0x17, 0x0d, 0xac, 0x14, 0xad, 0xe9,
0x3d, 0x9f, 0xb6, 0x92, 0xd6, 0x09, 0x20, 0xfb,
0x43, 0x8e, 0x3b, 0x6d, 0xe3, 0x33, 0xdc, 0xc7,
0x6c, 0x07, 0x6f, 0xbb, 0x1f, 0xb4, 0xc8, 0xb5,
0xe3, 0x6c, 0xe5, 0x12, 0xd9, 0xd7, 0x64, 0x0c,
0xf5, 0xa7, 0x0d, 0xab, 0x79, 0x03, 0xf1, 0x81
};

secp256k1_scalar exp_r1, exp_r2;
secp256k1_scalar r1, r2;
unsigned char seed0[32] = { 0 };

secp256k1_scalar_chacha20(&r1, &r2, seed0, 0);
secp256k1_scalar_set_b32(&exp_r1, &expected1[0], NULL);
secp256k1_scalar_set_b32(&exp_r2, &expected1[32], NULL);
CHECK(secp256k1_scalar_eq(&exp_r1, &r1));
CHECK(secp256k1_scalar_eq(&exp_r2, &r2));

secp256k1_scalar_chacha20(&r1, &r2, seed0, 1);
secp256k1_scalar_set_b32(&exp_r1, &expected2[0], NULL);
secp256k1_scalar_set_b32(&exp_r2, &expected2[32], NULL);
CHECK(secp256k1_scalar_eq(&exp_r1, &r1));
CHECK(secp256k1_scalar_eq(&exp_r2, &r2));

secp256k1_scalar_chacha20(&r1, &r2, seed3, 1);
secp256k1_scalar_set_b32(&exp_r1, &expected3[0], NULL);
secp256k1_scalar_set_b32(&exp_r2, &expected3[32], NULL);
CHECK(secp256k1_scalar_eq(&exp_r1, &r1));
CHECK(secp256k1_scalar_eq(&exp_r2, &r2));

secp256k1_scalar_chacha20(&r1, &r2, seed4, 2);
secp256k1_scalar_set_b32(&exp_r1, &expected4[0], NULL);
secp256k1_scalar_set_b32(&exp_r2, &expected4[32], NULL);
CHECK(secp256k1_scalar_eq(&exp_r1, &r1));
CHECK(secp256k1_scalar_eq(&exp_r2, &r2));

secp256k1_scalar_chacha20(&r1, &r2, seed5, 0x6ff8602a7a78e2f2ULL);
secp256k1_scalar_set_b32(&exp_r1, &expected5[0], NULL);
secp256k1_scalar_set_b32(&exp_r2, &expected5[32], NULL);
CHECK(secp256k1_scalar_eq(&exp_r1, &r1));
CHECK(secp256k1_scalar_eq(&exp_r2, &r2));
}

void run_scalar_tests(void) {
int i;
for (i = 0; i < 128 * count; i++) {
Expand All @@ -2066,8 +1958,6 @@ void run_scalar_tests(void) {
run_scalar_set_b32_seckey_tests();
}

scalar_chacha_tests();

{
/* (-1)+1 should be zero. */
secp256k1_scalar s, o;
Expand Down
Loading